CN103780450B - The detection method and system of browser access network address - Google Patents
- Publication number
- CN103780450B
- Authority
- CN
- China
- Prior art keywords
- network address
- browser
- address
- terminal
- web page
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Abstract
The present invention provides a method for detecting browser access to a network address, comprising the following steps: monitoring the networking operations generated by software on a terminal and intercepting the web page addresses being accessed; detecting a first-type network address among the web page addresses; and, when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address, determining that the browser is accessing the first-type network address. A system for detecting browser access to a network address is also provided. The technique of the invention can accurately detect a browser's attempt to access a first-type network address, which achieves accurate monitoring of browser networking behavior and improves the precision of subsequent prompting or interception of that behavior.
Description
Technical field
The present invention relates to network monitoring technology, and in particular to a method and system for detecting browser access to a network address.
Background
A terminal can run multiple networked programs, both in the foreground and in the background. On a terminal that can access the Internet, the browser is the software that generates networking behavior most frequently and in the most complex ways, so monitoring the browser's networking behavior is an important part of protecting the security of the terminal system.
When a traditional terminal network monitoring technique observes software connecting to a restricted network address, it can issue a prompt or intercept the connection. As a third-party monitor of networking behavior, however, the monitoring side cannot tell which software triggered the connection to the restricted network address; it can only detect that software on the monitored terminal accessed a restricted network address. Because accurate monitoring of browser networking behavior is lacking, when the browser accesses a restricted network address the traditional technique cannot detect that it was the browser that did so, and therefore cannot accurately prompt on or intercept the browser's networking behavior.
Summary of the invention
In view of this, it is necessary to provide a method for detecting browser access to a network address that can accurately monitor browser networking behavior.
A method for detecting browser access to a network address includes the following steps:
Monitoring the networking operations generated by software on a terminal and intercepting the web page addresses being accessed;
Detecting a first-type network address among the web page addresses;
When the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address, determining that the browser is accessing the first-type network address.
In addition, it is also necessary to provide a system for detecting browser access to a network address that can accurately monitor browser networking behavior.
A system for detecting browser access to a network address comprises:
A monitoring module, configured to monitor the networking operations generated by software on a terminal and intercept the web page addresses being accessed;
A detection module, configured to detect a first-type network address among the web page addresses;
A judgment module, configured to determine that the browser is accessing the first-type network address when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address.
With the above method and system, the networking behavior of the terminal's software is monitored, and when a connection to a first-type network address is made on the terminal, the browser's history record and running state are checked to further judge whether the browser is accessing the first-type network address. A browser's attempt to access a first-type network address can thus be detected accurately, which achieves accurate monitoring of browser networking behavior and improves the precision of subsequent prompting or interception of that behavior.
Brief description of the drawings
Fig. 1 is a flowchart of the method for detecting browser access to a network address according to one embodiment;
Fig. 2 is a structural diagram of the system for detecting browser access to a network address according to one embodiment.
Detailed description of the embodiments
Specific embodiments of the method for detecting browser access to a network address are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart of the method for detecting browser access to a network address according to one embodiment, which mainly includes the following steps:
Step S10: monitor the networking operations generated by software on the terminal and intercept the web page address (URL) being accessed.
In this step, the networking behavior of the installed software is monitored in real time on the local terminal. In one embodiment, step S10 specifically includes the following steps:
Monitoring in real time, at the bottom layer of the operating system, the network access behavior of the terminal's software.
Specifically, a network firewall injected into the bottom layer of the terminal's operating system can be used to monitor the software's network access in real time. For example, on the Android system, which is currently widely used in wireless terminals such as mobile phones and portable computers, all networking behavior of all software on the local terminal can be monitored by injecting into the IpTable component at the bottom layer of the Android system.
When the monitoring detects that software is going online, intercepting the web page address of the networking request.
Step S30: detect a first-type network address among the web page addresses.
In this step, the first-type network address is mainly detected using the network address database of a background server. In one embodiment, step S30 specifically includes the following steps:
First, the intercepted web page address is transmitted to the server side.
Then, the received web page address is matched on the server side against the pre-stored first-type network addresses; if the match succeeds, the corresponding web page address is determined to be a first-type network address and the result of the determination is returned to the terminal.
Specifically, all or an intercepted part of the domain name of the accessed web page address is transmitted to the background server; the background server matches the identical web page address in its URL library and queries whether the domain name is a first-type address to be detected. The URL library records all kinds of web page addresses and their attributes.
For example, to detect whether a web page address accessed by a wireless terminal is malicious, covering addresses such as fraudulent fee-deduction sites, phishing sites, pornographic web pages and pages carrying viruses or Trojans: suppose the web page address transmitted to the background server is www.ppp333.com, the URL library of the background server contains www.ppp333.com, and that address is recorded as a pornographic address. The match succeeds, the address is determined to be a malicious pornographic address, and the result of the determination is returned to the terminal.
It should be noted that, besides the detection approach above, other technical means can also be used to detect first-type network addresses, for example matching against a local database.
Step S50: when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address, determine that the browser is accessing the first-type network address.
In this step, after access by the terminal to a first-type network address has been detected, the browser's history record and running state are used to further judge whether it is the browser that is attempting to access the first-type network address. In one embodiment, step S50 specifically includes the following steps:
First, the historically accessed network addresses are read from the history record of the terminal's browser.
Then, it is judged whether a historically accessed network address is equal to the first-type network address; if so, the running state of the browser is further judged; if the browser is currently running, it is determined that the browser is attempting to access the first-type network address.
The running state of the browser can be determined by calling the operating system's program interface functions; for example, calling the Android system API to query the currently running programs yields the running state of the browser on Android.
In one embodiment, after the step of determining that the browser is accessing the first-type network address, information about the browser's access to the first-type network address is further displayed.
Displaying this information gives the user an intuitive prompt and guides the user to take other appropriate actions. For example, when it is detected that the browser is accessing a malicious network address, the browser's networking behavior can be accurately prompted on or intercepted, or the user can be prompted to perform the interception, which safeguards the system security of the terminal.
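Steps S10, S30 and S50 above, as an added Python example that is not the patent's own code. Assumptions: the intercepted URLs, the history records, the URL library entries other than www.ppp333.com, the comparison at host level, and the optional `max_age_s` freshness window are all constructed here; the description only requires the history address to equal the first-type address and specifies no time window.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed stand-in for the server-side URL library: host -> recorded attribute.
URL_LIBRARY = {
    "www.ppp333.com": "pornographic",   # host used as the example in the description
    "phish.example": "phishing",        # constructed entry
}


def host_of(url: str) -> str:
    """Lower-cased host of a URL, without port or trailing dot."""
    if "://" not in url:
        url = "http://" + url           # intercepted values may lack a scheme
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str, library=URL_LIBRARY):
    """Step S30: recorded attribute if the host is a first-type address, else None."""
    return library.get(host_of(url))


@dataclass
class Verdict:
    url: str
    attribute: str
    browser_attributed: bool
    reason: str


def detect(intercepted, history, browser_running, now, max_age_s=None):
    """Steps S30 and S50 over the URLs captured in step S10.

    intercepted: URLs captured by the network monitor.
    history: (url, visited_at_epoch_seconds) pairs read from the browser.
    max_age_s: optional freshness window; an assumption, not in the description.
    """
    last_visit = {}
    for url, ts in history:
        h = host_of(url)
        last_visit[h] = max(ts, last_visit.get(h, ts))

    verdicts = []
    for url in intercepted:
        attribute = classify(url)
        if attribute is None:
            continue                    # not a first-type address, nothing to attribute
        h = host_of(url)
        if h not in last_visit:         # S50: history comparison comes first
            ok, reason = False, "not in browser history"
        elif not browser_running:       # S50: then the running-state check
            ok, reason = False, "browser not running"
        elif max_age_s is not None and now - last_visit[h] > max_age_s:
            ok, reason = False, "history entry is stale"
        else:
            ok, reason = True, "history match and browser running"
        verdicts.append(Verdict(url, attribute, ok, reason))
    return verdicts


# Constructed sample input.
NOW = 1_700_000_000
INTERCEPTED = [
    "http://www.ppp333.com/index.html",
    "https://news.example/today",
    "http://PHISH.example:8080/login",
]
HISTORY = [
    ("http://www.ppp333.com/index.html", NOW - 5),
    ("http://phish.example/login", NOW - 86_400),   # visited a day earlier
    ("https://news.example/today", NOW - 60),
]

if __name__ == "__main__":
    for verdict in detect(INTERCEPTED, HISTORY, True, NOW, max_age_s=300):
        print(verdict)
```

With the rule exactly as described (no window), the day-old history entry still attributes the second connection to the browser even if another program made it; the optional window is one way to reduce that false attribution.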
Specific embodiments of the system corresponding to the method for detecting browser access to a network address are described in detail below with reference to the accompanying drawings.
Fig. 2 shows the structure of the system for detecting browser access to a network address according to one embodiment, which mainly includes a monitoring module 10, a detection module 30 and a judgment module 50.
The monitoring module 10 is configured to monitor the networking operations generated by software on the terminal and intercept the web page addresses being accessed.
In this embodiment, the monitoring module 10 mainly monitors, in real time and on the local terminal, the networking behavior of the installed software. In one embodiment, the monitoring module 10 is further configured to:
Monitor in real time, at the bottom layer of the terminal's operating system, the network access behavior of the terminal's software; and, when software is detected going online, intercept the web page address of the networking request.
The detection module 30 is configured to detect a first-type network address among the web page addresses.
In this embodiment, the detection module 30 mainly detects the first-type network address using the network address database of a background server. In one embodiment, the detection module 30 is further configured to:
Transmit the intercepted web page address to the server side.
Match the received web page address on the server side against the pre-stored first-type network addresses; if the match succeeds, determine that the corresponding web page address is a first-type network address and return the result of the determination to the terminal.
Specifically, the domain name of the accessed web page address is transmitted to the background server; the background server matches the identical web page address in its secure URL library and queries whether the domain name has a security problem. The secure URL library records all kinds of web page addresses and their attributes.
The judgment module 50 is configured to determine that the browser is accessing the first-type network address when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address.
In this embodiment, after access by the terminal to a first-type network address has been detected, the judgment module 50 uses the browser's history record and running state to further judge whether it is the browser that is attempting to access the first-type network address. In one embodiment, the judgment module 50 is further configured to:
Read the historically accessed network addresses from the history record of the terminal's browser.
Judge whether a historically accessed network address is equal to the first-type network address; if so, further judge the running state of the browser; if the browser is currently running, determine that the browser is attempting to access the first-type network address.
In one embodiment, after determining that the browser is accessing the first-type network address, the judgment module 50 further displays information about the browser's access to the first-type network address.
Displaying this information gives the user an intuitive prompt and guides the user to take other appropriate actions. For example, when it is detected that the browser is accessing a malicious network address, the browser's networking behavior can be accurately prompted on or intercepted, or the user can be prompted to perform the interception, which safeguards the system security of the terminal.
The system for detecting browser access to a network address corresponds one-to-one to the method for detecting browser access to a network address; the technical features and beneficial effects set out in the embodiments of the method apply equally to the embodiments of the system.
Those of ordinary skill in the art will appreciate that all or part of the processes in the above embodiments, and the corresponding systems, can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. The scope of protection of this patent shall therefore be determined by the appended claims.
Claims (10)
1. A method for detecting browser access to a network address, characterized by comprising the following steps:
Monitoring the networking operations generated by software on a terminal and intercepting the web page address being accessed;
Detecting a first-type network address from the web page address, wherein the first-type network address is a pre-stored network address;
When the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address, determining that the browser is attempting to access the first-type network address.
2. The method for detecting browser access to a network address according to claim 1, characterized in that the step of monitoring the networking operations generated by software on the terminal and intercepting the web page address being accessed comprises:
Monitoring in real time, at the bottom layer of the terminal's operating system, the network access behavior of the terminal's software;
When software is detected going online, intercepting the web page address of the networking request.
3. The method for detecting browser access to a network address according to claim 1, characterized in that the step of detecting a first-type network address from the web page address comprises:
Transmitting the web page address to a server side;
Matching the web page address against the first-type network addresses pre-stored on the server side;
If the match succeeds, determining that the web page address is a first-type network address and returning the result of the determination to the terminal.
4. The method for detecting browser access to a network address according to claim 1, characterized in that the step of determining that the browser is accessing the first-type network address when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address comprises:
Reading the historically accessed network addresses from the history record of the terminal's browser;
Judging whether a historically accessed network address is equal to the first-type network address and, if so, further judging the running state of the browser;
If the browser is currently running, determining that the browser is attempting to access the first-type network address.
5. The method for detecting browser access to a network address according to any one of claims 1 to 4, characterized in that, after it is determined that the browser is accessing the first-type network address, the method further comprises:
Displaying information about the browser's access to the first-type network address.
6. A system for detecting browser access to a network address, characterized by comprising:
A monitoring module, configured to monitor the networking operations generated by software on a terminal and intercept the web page address being accessed;
A detection module, configured to detect a first-type network address from the web page address, wherein the first-type network address is a pre-stored network address;
A judgment module, configured to determine that the browser is attempting to access the first-type network address when the browser of the terminal is currently running and a network address in the browser's access history is identical to the first-type network address.
7. The system for detecting browser access to a network address according to claim 6, characterized in that the monitoring module is further configured to:
Monitor in real time, at the bottom layer of the terminal's operating system, the network access behavior of the terminal's software;
When software is detected going online, intercept the web page address of the networking request.
8. The system for detecting browser access to a network address according to claim 6, characterized in that the judgment module is further configured to:
Transmit the web page address to a server side;
Match the web page address against the first-type network addresses pre-stored on the server side;
If the match succeeds, determine that the web page address is a first-type network address and return the result of the determination to the terminal.
9. The system for detecting browser access to a network address according to claim 6, characterized in that the judgment module is further configured to:
Read the historically accessed network addresses from the history record of the terminal's browser;
Judge whether a historically accessed network address is equal to the first-type network address and, if so, further judge the running state of the browser;
If the browser is currently running, determine that the browser is attempting to access the first-type network address.
10. The system for detecting browser access to a network address according to any one of claims 6 to 9, characterized in that the judgment module is further configured to:
Display information about the browser's access to the first-type network address.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210410486.7A CN103780450B (en) | 2012-10-24 | 2012-10-24 | The detection method and system of browser access network address |
PCT/CN2013/085736 WO2014063622A1 (en) | 2012-10-24 | 2013-10-23 | Method and system for detecting website visit attempts by browsers |
US14/142,491 US9241006B2 (en) | 2012-10-24 | 2013-12-27 | Method and system for detecting website visit attempts by browsers |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210410486.7A CN103780450B (en) | 2012-10-24 | 2012-10-24 | The detection method and system of browser access network address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103780450A (en) | 2014-05-07 |
CN103780450B (en) | 2019-03-01 |
Family
ID=50544021
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210410486.7A Active CN103780450B (en) | 2012-10-24 | 2012-10-24 | The detection method and system of browser access network address |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103780450B (en) |
WO (1) | WO2014063622A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105100061B (en) | 2015-06-19 | 2018-09-04 | 小米科技有限责任公司 | Network address kidnaps the method and device of detection |
CN110769423B (en) * | 2018-09-26 | 2021-12-14 | 北京嘀嘀无限科技发展有限公司 | Automobile data recorder control method and device and automobile data recorder |
CN111092863B (en) * | 2019-11-29 | 2022-12-23 | 视联动力信息技术股份有限公司 | Method, client, server, device and medium for accessing internet website |
CN111431852B (en) * | 2020-02-21 | 2021-06-25 | 厦门大学 | Browser history sniffing method and browser history monitoring method |
CN111372205A (en) * | 2020-02-28 | 2020-07-03 | 维沃移动通信有限公司 | Information prompting method and electronic equipment |
CN112600863A (en) * | 2021-03-04 | 2021-04-02 | 南京敏宇数行信息技术有限公司 | Safe remote access system and method |
CN113612768B (en) * | 2021-08-02 | 2023-10-17 | 北京知道创宇信息技术股份有限公司 | Network protection method and related device |
CN113949731A (en) * | 2021-10-12 | 2022-01-18 | 深兰科技(上海)有限公司 | Network automatic connection method, device, medium and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1859398A (en) * | 2006-01-05 | 2006-11-08 | 珠海金山软件股份有限公司 | System and method for reverse network fishing |
CN1949715A (en) * | 2005-10-12 | 2007-04-18 | 腾讯科技(深圳)有限公司 | Method for limiting browser access network address |
CN102402620A (en) * | 2011-12-26 | 2012-04-04 | 余姚市供电局 | Method and system for defending malicious webpage |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090157859A1 (en) * | 2007-12-17 | 2009-06-18 | Morris Robert P | Methods And Systems For Accessing A Resource Based On URN Scheme Modifiers |
Also Published As
Publication number | Publication date |
---|---|
WO2014063622A1 (en) | 2014-05-01 |
CN103780450A (en) | 2014-05-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||